Well, paint me red and call me a girl scout: Facebook, Google, and several other advertising networks are using a loophole to make sure third party cookies could still be installed on Safari and Mobile Safari, even though those two browsers technically shouldn't allow such cookies. Google has already ceased the practice, and in fact, closed the loophole in WebKit itself months ago.

I know one can get too paranoid and see patterns and intent in a simple fuck up, I am not generally a conspiracy theorist, but episodes like this one with Google circumventing user privacy settings can reflect deeper truths about a company's core dynamic. I do think this episode reveals something about Google and privacy and what the core dynamic of Google's business is, about what drives Google. I don't mean what are it's professed ideals but rather what are the central dynamics and drives of its core business model.

The way Google makes money, the only way it makes money, it's almost sole source of income, is to sell advertising. And Google can sell that advertising because it offers the buyers of the advertising the very special added benefit of targeting that advertising, of putting ads before people that are cleverly and effectively tailored to match the interests and concerns of the individual viewer. And Google does that by watching and recording what people do on the internet, what they search for, what they watch, what they read and receive and in their emails, who they network with, etc and then recording and storing that behaviour at the level of the individual so it can be interrogated by Google's advertising distribution algorithms. Being able to watch what people do and record it at the level of an individual is absolutely central to the very core of Google's corporate identity.

Without being able to watch and record what people do Google no longer has a product to sell. This means that Google will always view areas of activity on the internet which it cannot record and inspect and record as a threat, to be broken into or routed around. This is not about ethics or the simplistic and somewhat childish notions of good and bad, it is about basic business logic. For Google opening up, inspecting, recording information and behaviour is really just one big technical problem and all Google wants to do with this information is just make things better for the user, to make the search results and the advertising that each of us sees more relevant, better.

Google has to be able to watch enough of us enough of the time so that the adverts it places are accurately tailored to each of us. Then it has a product it can sell. If it cannot watch and record at the level of individuals Google has no business and nothing to sell.

But every major web based service provider either already does or aspires to do the same. Google is only ahead in the game.

Free products need to be supported by ads (which are generally determined algorithmically) but that does not necessarily mean that users are not being tracked in case of paid products/services. The service providers still have the same kind of data about the activities of paid users'. Only, in case of paid services, ads aren't being served. But the user's usage behaviour remains in the custody of the service provider whether you are paid user or a free user and it is likely to be used for purposes other than serving ads.

But every major web based service provider either already does or aspires to do the same. Google is only ahead in the game.

Free products need to be supported by ads (which are generally determined algorithmically) but that does not necessarily mean that users are not being tracked in case of paid products/services. The service providers still have the same kind of data about the activities of paid users'. Only, in case of paid services, ads aren't being served. But the user's usage behaviour remains in the custody of the service provider whether you are paid user or a free user and it is likely to be used for purposes other than serving ads.

Company's other than Google collect user data, often this is done as a way to add value (from the company's point of view) and generate additional income alongside income generated by products or services they sell. In the case of Google user date is a core product, a product absolutely central to Google's ability to make money. Collecting user data in order to target advertising is the basis on which Google makes all it's money. This means that the drive to collect user data (and to surmount any obstacle to collecting user data) is very, very strong and fundamental in Google and will always be very active.

Wait, so it's Apple's fault that Google and FB purposely and willfully circumvented controls in Safari and said "F U" to the millions of Safari users privacy concerns so that they could continue to make money? Really?

Apple are guilty of keeping a known security hole in their browser opened for 7 months after it is fixed in the source. To follow your analogy : if you leave the key to your house under the doormat and your neighbour has publicly poked fun at the fact when he found out months ago, you should expect someone to break in and make copies of the embarrassing photos under your mattress at some point*.

Google and Facebook are guilty of violating standard security practices by not informing Apple in a direct way and giving them some time to fix the hole before beginning to exploit it. This kind of hacker ethics does not translate well to real-life situations, but it is the way things work in the realm of computer security.

* It seems we do not have the same view of what kind of offense online privacy violation represents.

Wait, so it's Apple's fault that Google and FB purposely and willfully circumvented controls in Safari and said "F U" to the millions of Safari users privacy concerns so that they could continue to make money? Really?

No, but it is Apple's fault that this security hole still exists in Safari when it has been fixed in the Webkit source months ago. They're all pricks: Google and Facebook for giving us the finger where our privacy is concerned (though surely people aren't actually surprised by that), and Apple for failing to keep their version of Webkit patched and in better sync with the current source tree. The real question is, now that this is out in the open, will Apple patch it promptly?

Microsoft's Corporate VP for Internet Explorer, Dean Hachamovitch, made allegations Monday that Google was bypassing Internet Explorer's privacy settings, not just Safari's measures. After checks, he claimed that Google's cookie text files, meant to allow +1 actions for those who were signed into Google, were skirting the P3P Privacy Protection standard as it was implemented in Internet Explorer 9. The technique supposedly made IE9 take third-party cookies that it would block by default while keeping the action a secret.

To honor P3P, Google was supposed to send a set of policy tokens indicating how the cookie's information would be shared. Google was supposedly exploiting a P3P clause that skipped users' preferences if the policies weren't defined. Any browser that used P3P interpreted the message that the token was "not a P3P policy" as a sign to allow the cookie, letting Google have its intended +1 effect but also possibly allowing third-party ads despite the usual blocking settings.

The executive implied this wasn't just a casual trick, since Google would have had to use "technically skilled" staff with "special tools" to see the P3P descriptions.

At some point Google saying 'oops - a mistake - we are sorry' is going to wear a bit thin.

I don't know anything about Safari, I use Linux, but on both Google Chrome and Mozilla Firefox you can set it up so that all cookies are cleared when you exit the browser. You can also block all cookies all the time, but that probably isn't a good idea since a lot of web sites will simply not work at all if you do that.

How to:

Chrome: click on the little "wrench" (upper right corner), Preferences, Under the Hood, Content Settings, Cookies, Clear cookies and other site and plug-in data when I close my browser

If that's not sufficiently private enough, then Google Chrome lets you browse in "incognito mode." That's just a little inconvenient but if you're a privacy buff, it may be worth it. The details on how to do that:

Clearing cookies only protects you from such things as targeted advertising. You should realize that even if you turn off cookies, that doesn't stop governments from snooping on you. Absolutely everything you do online can be recorded by your ISP. Many governments require ISPs to keep such records of your online doings and turn that info over to the spooks. The USA is probably the worst offender with the Patriot Act.

In Firefox, under preferences->privacy->use custom settings for history->accept third party cookies, is on by default.

I read a bug report somewhere un-ticking this doesnt actually stop third party sites from setting cookies anyway. But it's interesting that is this case it seems Firefox is less privacy concerned than other browsers.

I don't trust them and that's why I block them with every tool I can. I carve "like" buttons from webpages, stop scripts, whole domains, I clean cachesz, etc.
I don't simply settle down on trusting "don't trace me" flag in browsers.
The bad advertisers will always try to spy on us in unethical way, that's why we should take every possible step to stop it.

I'd even suggest a fightback action where users would spy on corporate advertisers publishing their sensitive data, infos, etc.
LET THEM FEEL THE PAIN THEY'RE MAKING TO OTHERS.

The more I keep reading about Apple's death grip on its hardware, from its iPods and iPhones to it's Mac desktops long after they're sold, I can't help but wonder why anyone would own one? And I use the term "own" very loosely as it's obvious who really owns an Apple product. Apple! Moreover, Apple's aggressive assaults on Google, Samsung and other companies who attempt to bring an Apple-esque user experience to competing devices is yet another example of Apple's intentions to keep a tight control over what it considers to be computing nirvana to the exclusion of anyone else getting in the game. Personally I think it's a little scary.